Re: Trimming the SecurityPolicy DOM interface from Devdatta Akhawe on 2013-04-27 (public-webappsec@w3.org from April 2013)

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Sat, 27 Apr 2013 11:57:41 -0700
To: Alex Russell <slightlyoff@google.com>
Cc: Adam Barth <w3c@adambarth.com>, public-webappsec@w3.org, Mike West <mkwst@google.com>, "www-tag@w3.org List" <www-tag@w3.org>
Message-ID: <CAPfop_0DujiL50FNYTGSuXWx-N6LaU-_1FivcGFt9apAwwxNgw@mail.gmail.com>

Hi Alex,

I am not sure I follow what "implement CSP policy enforcement" refers
to. The interfaces, as far as I know, were always read-only for a
script to figure out the policy the browser is currently enforcing.
They never allowed you to modify/upgrade the current policy. Such an
interface would be a great candidate for a possible CSP1.2.

--dev

Received on Saturday, 27 April 2013 18:58:29 UTC